05-20-2021 09:34 AM - edited 05-20-2021 09:35 AM
Hi Community,
Here is the deal,
We want to enable Anomalous Endpoint Detection and Enforcement Features of ISE server. Do we need to have Plus licenses to enable mentioned features? I think for Anomalous endpoint enforcement we would need Plus licenses, because we would need to configure an authorization policy for that, but I am not really sure and I didn't find any information on the community or elsewhere about this.
Thank you in advance.
Regards,
Reynaldo Lopez
05-20-2021 09:53 AM
Do we need to have Plus licenses to enable mentioned features?
-Yes since you would be utilizing profiling data to make an authorization policy decision.
Example authz condition: EndPoints·AnomalousBehaviour EQUALS True
Not sure of your ISE version, but strongly suggest referencing the following for additional resources:
ISE Profiling Design Guide - Cisco Community
05-20-2021 12:39 PM
Hi Mike,
Thank you for your quick reply and additional resources.
So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?
We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?
Kind regards,
Reynaldo
05-21-2021 04:34 AM
So just to be sure, ISE license count would increase every time an endpoint hits the authz Policy "EndPoints·AnomalousBehaviour EQUALS True"?
-Yes.
We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?
-Depends on your requirements. Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses. In live logs under license types you see the following:
Base and Plus license consumed
To reiterate: One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.